scd (Project)
Active, Public

Recent Activity

Today

gniibe added a project to T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s): Testing.

Possibly, we can use the new GCC option: -ftrivial-auto-var-init=0xFEFEFEFE.
https://gcc.gnu.org/gcc-12/changes.html#uninitialized

Tue, May 17, 3:34 AM · Testing, backport, gnupg, scd, patch
gniibe claimed T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).

The bug was there when it was initially written. It was in 2003, which introduced PC/SC in rG1bcf8ef9dea1: Cleanups, fixes and PC/SC support

Tue, May 17, 3:29 AM · Testing, backport, gnupg, scd, patch
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

When compiling the package, I can see that all 4 are applied.

Tue, May 17, 2:41 AM · Info Needed, yubikey, scd, Bug Report

Yesterday

oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

I think that it means that you only applied the last two patches.

Mon, May 16, 4:14 PM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Thanks again for your update.

Mon, May 16, 3:08 AM · Info Needed, yubikey, scd, Bug Report

Sat, May 14

ludovic added a comment to T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s).

I just wrote a blog article about this problem
https://ludovicrousseau.blogspot.com/2022/05/scardlistreaders-and-non-initialized.html

Sat, May 14, 4:13 PM · Testing, backport, gnupg, scd, patch

Fri, May 13

werner added projects to T3391: cannot import subkey that was once marked to be on a card: scd, gpgagent.
Fri, May 13, 2:43 PM · gpgagent, scd, gnupg, OpenPGP, Bug Report
werner triaged T5977: Smartcard PIN stays in clear in memory as High priority.
Fri, May 13, 2:40 PM · pinentry, scd, gnupg (gpg22), Bug Report
werner triaged T5979: SCardListReaders: Conditional jump or move depends on uninitialised value(s) as High priority.

Thanks for opening a ticket.

Fri, May 13, 2:36 PM · Testing, backport, gnupg, scd, patch
oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Thanks a lot for your cooperation.

Fri, May 13, 2:28 PM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

I put in one more fix for error handling of the key algorithm attribute.
The change: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.

Fri, May 13, 3:21 AM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Thanks a lot for your cooperation.

Fri, May 13, 3:15 AM · Info Needed, yubikey, scd, Bug Report

Thu, May 12

oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Contrary to your expectations, all gpg --card-status fail after yubikey insertion:

Thu, May 12, 7:48 PM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Please do experiment again and give us the whole log of scdaemon.log for:

  • insert Yubikey initially
  • run gpg --card-status (success is expected)
  • remove Yubikey
  • insert Yubikey second time
  • run gpg --card-status (failure is expected)

Thu, May 12, 5:19 PM · Info Needed, yubikey, scd, Bug Report
oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

In case you need any information, be sure to tell me. Maybe we can add some manual loggers to the patches, to confirm that everything is working as you imagine it to?

Thu, May 12, 12:36 PM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Umm... The problem is the last bogus octet from Yubikey. In the log, we see:

Thu, May 12, 1:43 AM · Info Needed, yubikey, scd, Bug Report

Wed, May 11

oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

I'm certain I've applied the patches correctly. This is my current patchset:

Wed, May 11, 12:49 PM · Info Needed, yubikey, scd, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

The change improves error handling for possible other errors by the device: rG53eddf9b9ea0: scd: Fail when no good algorithm attribute.

Wed, May 11, 4:31 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

Thank you for the logs. It seems that scdaemon didn't detect the removal correctly.

Wed, May 11, 1:50 AM · Info Needed, yubikey, scd, Bug Report

Tue, May 10

oddlama added a comment to T5971: Yubikey: Removal of device is not detected by PC/SC.

I've uploaded the requested information with triple verbose and debug-all setting in the scdaemon.conf as scdaemon.log.

Tue, May 10, 10:17 PM · Info Needed, yubikey, scd, Bug Report
gniibe edited projects for T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys, added: Testing; removed gnupg.

Applied to 2.2 branch, too.

Tue, May 10, 7:29 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe removed a project from T5971: Yubikey: Removal of device is not detected by PC/SC: gnupg.
Tue, May 10, 7:00 AM · Info Needed, yubikey, scd, Bug Report
gniibe removed a project from T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.
Tue, May 10, 3:50 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I examined all log files you gave us, and I think that scdaemon with PC/SC fails to detect the removal of the USB device.

Tue, May 10, 3:48 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe triaged T5971: Yubikey: Removal of device is not detected by PC/SC as Normal priority.
Tue, May 10, 2:51 AM · Info Needed, yubikey, scd, Bug Report

Mon, May 9

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I've applied the linked patch, but still experience the error. Most of the time, I cannot access my yubikey at all and I am not sure what is blocking it.
I've tried to include as much debugging output as I could below. Please let me know if there is anything else I can do to debug this.

Mon, May 9, 12:54 PM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: backport.
Mon, May 9, 6:52 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: Info Needed.

The patch rG054d14887ef8: scd: Add workaround for ECC attribute on Yubikey. fixes a particular problem of Yubikey implementation where it returns bogus octet for its data object of C1, C2, and C3.

Mon, May 9, 4:53 AM · Testing, backport, yubikey, scd, segv, Bug Report

Fri, May 6

oddlama added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

With the patch and after starting a new gpg-agent, gpg --card-status now works immediately.
But when I re-plug the yubikey, gpg reports gpg: OpenPGP card not available: Card error until either gpg-agent is restarted, or pcscd is restarted.
pcsc-lite in debug mode reports no errors, but one log is obviously much shorter as gpg fails early (I've attached both).

Fri, May 6, 1:42 PM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a comment to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.

I pushed a workaround.

Fri, May 6, 11:28 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe renamed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys from scdaemon causes libc segfault and clashes with pcsc-lite despite using disable-ccid to Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
Fri, May 6, 11:26 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe added a project to T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys: yubikey.
Fri, May 6, 10:07 AM · Testing, backport, yubikey, scd, segv, Bug Report
gniibe claimed T5963: Yubikey: scdaemon causes libc segfault and clashes with ECC keys.
Fri, May 6, 8:56 AM · Testing, backport, yubikey, scd, segv, Bug Report

Mon, May 2

werner added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: workaround.
Mon, May 2, 10:19 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.
KexAlgorithms -sntrup761x25519-sha512@openssh.com
Mon, May 2, 10:17 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd

Thu, Apr 28

ikloecker added a comment to T5942: scdaemon is blocking system shutdown.

FWIW, your comments about the autostart script do not match with the running processes. Obviously, the autostart script starts gpg-agent with different command line options than the running process. My conclusion is that the autostart script isn't used. Or maybe it is started, but gpg-agent immediately terminates because it notices that another instance is already running.

Thu, Apr 28, 10:12 AM · Support, scd, gpgagent
ikloecker added a comment to T5942: scdaemon is blocking system shutdown.

If you add an autostart script then you may have to add a corresponding shutdown script as well, e.g. a script running gpgconf --kill all. You cannot expect that daemons, that you start via an autostart script, magically know when they should terminate.

Thu, Apr 28, 10:01 AM · Support, scd, gpgagent
werner triaged T5942: scdaemon is blocking system shutdown as Low priority.
Thu, Apr 28, 8:48 AM · Support, scd, gpgagent
szotsaki added a comment to T5942: scdaemon is blocking system shutdown.

Thank you for the hints!

Thu, Apr 28, 8:24 AM · Support, scd, gpgagent
gniibe reopened T5942: scdaemon is blocking system shutdown as "Open".

Thank you for the explanation. (It's not related to --supervised, I suppose.)

Thu, Apr 28, 4:03 AM · Support, scd, gpgagent

Wed, Apr 27

szotsaki added a comment to T5942: scdaemon is blocking system shutdown.

I see the following GPG-related commands running currently (with disable-scdaemon in config file):

Wed, Apr 27, 6:06 PM · Support, scd, gpgagent
ikloecker placed T5546: Kleopatra: After importing the first pubkey for a card from LDAP the keylistview is not refreshed up for grabs.

The issues mentioned in the previous comment have been fixed.

Wed, Apr 27, 1:22 PM · scd, Info Needed, Restricted Project, kleopatra
ikloecker claimed T5546: Kleopatra: After importing the first pubkey for a card from LDAP the keylistview is not refreshed.

I had a look at the file system watcher we use to react on changes in the GnuPG home directory. It doesn't watch the private keys living in private-keys-v1.d. Moreover, it does not handle the removal of files properly.

Wed, Apr 27, 11:18 AM · scd, Info Needed, Restricted Project, kleopatra

Tue, Apr 26

gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

My Yubikey (Yubico.com Yubikey 4/5 OTP+U2F+CCID) works fine with OpenSSH using kex of sntrup761x25519-sha512@openssh.com.

Tue, Apr 26, 7:44 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd

Mon, Apr 25

werner closed T5942: scdaemon is blocking system shutdown as Wontfix.

Please contact the Debian developers for any systemd/gnupg issues. We don't suggest the use of the --supervised option because it causes more problems than it claims to solve.

Mon, Apr 25, 11:53 AM · Support, scd, gpgagent
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

Sorry, I was confused. For RSA-4096, data is hashed by gpg-agent and hashed data is signed by a card.

Mon, Apr 25, 9:51 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
szotsaki created T5942: scdaemon is blocking system shutdown.
Mon, Apr 25, 8:15 AM · Support, scd, gpgagent
werner added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

We have been using rsa-4096 on smartcards for quite some time, so I wonder what the problem is here. Is it that we don't use our Assuan hack for large key material with OpenPGP.3?

Mon, Apr 25, 8:07 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd
gniibe added a comment to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com.

There is another case: RSA-4096 key. scdaemon rejects data by Invalid value. Unfortunately, there is no fix for this, as it's really too large. Even if scdaemon allows larger data, the card implementation rejects, when it conforms to PKCS #1 standard (data should not be larger than 40% of the modulus).

Mon, Apr 25, 4:35 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd

Fri, Apr 22

gniibe added a project to T5935: scd: SSH emulation of gpg-agent doesn't work well with sntrup761x25519-sha512@openssh.com: Testing.
Fri, Apr 22, 6:50 AM · workaround, Testing, gnupg (gpg23), ssh, Bug Report, scd